[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Aug 27 21:10:38 BST 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
92a065de by security tracker role at 2021-08-27T20:10:28+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,4 +1,16 @@
-CVE-2021-40153 [Unsquashfs: fix write outside destination directory exploit ]
+CVE-2021-40154
+ RESERVED
+CVE-2021-40152
+ RESERVED
+CVE-2021-40151
+ RESERVED
+CVE-2021-3746
+ RESERVED
+CVE-2021-3745
+ RESERVED
+CVE-2021-3744
+ RESERVED
+CVE-2021-40153 (squashfs_opendir in unsquash-1.c in Squashfs-Tools 4.5 stores the file ...)
[experimental] - squashfs-tools 1:4.5-1
- squashfs-tools <unfixed>
NOTE: https://bugs.launchpad.net/ubuntu/+source/squashfs-tools/+bug/1941790
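Review bot: On CVE-2021-40153 the new description names Squashfs-Tools 4.5 as the release containing the flaw, yet the unchanged line below it marks experimental as fixed in 1:4.5-1 while unstable stays <unfixed>. Confirm that 1:4.5-1 really carries the fix for the write outside the destination directory; if it does not, the [experimental] line needs correcting in a follow-up. The six new RESERVED entries need no action.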
@@ -2138,8 +2150,8 @@ CVE-2021-39171
RESERVED
CVE-2021-39170
RESERVED
-CVE-2021-39169
- RESERVED
+CVE-2021-39169 (Misskey is a decentralized microblogging platform. In versions of Miss ...)
+ TODO: check
CVE-2021-39168 (OpenZepplin is a library for smart contract development. In affected v ...)
TODO: check
CVE-2021-39167 (OpenZepplin is a library for smart contract development. In affected v ...)
@@ -3011,7 +3023,7 @@ CVE-2021-38760
RESERVED
CVE-2021-38759
RESERVED
-CVE-2021-38758 (Directory traversal in Online Catering Reservation System due to lack ...)
+CVE-2021-38758 (Directory traversal vulnerability in Online Catering Reservation Syste ...)
NOT-FOR-US: Directory traversal in Online Catering Reservation System
CVE-2021-38757 (Persistent cross-site scripting (XSS) in Hospital Management System ta ...)
NOT-FOR-US: Hospital Management System
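Review bot: The NOT-FOR-US note under CVE-2021-38758 repeats the vulnerability class ("Directory traversal in Online Catering Reservation System") instead of naming only the product, unlike the neighbouring "NOT-FOR-US: Hospital Management System". Since the entry is being touched anyway, shorten the note to the product name for consistency.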
@@ -8088,10 +8100,10 @@ CVE-2021-36533
RESERVED
CVE-2021-36532
RESERVED
-CVE-2021-36531
- RESERVED
-CVE-2021-36530
- RESERVED
+CVE-2021-36531 (ngiflib 0.4 has a heap overflow in GetByte() at ngiflib.c:70 in NGIFLI ...)
+ TODO: check
+CVE-2021-36530 (ngiflib 0.4 has a heap overflow in GetByteStr() at ngiflib.c:108 in NG ...)
+ TODO: check
CVE-2021-36529
RESERVED
CVE-2021-36528
@@ -10853,8 +10865,8 @@ CVE-2021-35344
RESERVED
CVE-2021-35343 (Cross-Site Request Forgery (CSRF) vulnerability in the /op/op.Ajax.php ...)
NOT-FOR-US: SeedDMS
-CVE-2021-35342
- RESERVED
+CVE-2021-35342 (The useradm service 1.14.0 (in Northern.tech Mender Enterprise 2.7.x b ...)
+ TODO: check
CVE-2021-35341
RESERVED
CVE-2021-35340
@@ -16836,7 +16848,7 @@ CVE-2021-32763 (OpenProject is open-source, web-based project management softwar
CVE-2021-32762
RESERVED
CVE-2021-32761 (Redis is an in-memory database that persists on disk. A vulnerability ...)
- {DLA-2717-1}
+ {DLA-2717-2 DLA-2717-1}
- redis 5:6.0.15-1 (bug #991375)
[buster] - redis <no-dsa> (Minor issue)
NOTE: https://github.com/redis/redis/security/advisories/GHSA-8wxq-j7rp-g8wj
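Review bot: The cross-reference on CVE-2021-32761 gains DLA-2717-2, but the visible package lines are unchanged: unstable is fixed in 5:6.0.15-1 and buster is still <no-dsa> (Minor issue). If DLA-2717-2 is a follow-up to DLA-2717-1 for the same suite, that is expected; otherwise check that the entry does not need a matching status change.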
@@ -16845,8 +16857,8 @@ CVE-2021-32760 (containerd is a container runtime. A bug was found in containerd
NOTE: https://github.com/containerd/containerd/security/advisories/GHSA-c72p-9xmj-rx3w
CVE-2021-32759
RESERVED
-CVE-2021-32758
- RESERVED
+CVE-2021-32758 (OpenMage Magento LTS is an alternative to the Magento CE official rele ...)
+ TODO: check
CVE-2021-32757
RESERVED
CVE-2021-32756 (ManageIQ is an open-source management platform. In versions prior to j ...)
@@ -24639,8 +24651,8 @@ CVE-2021-29746
RESERVED
CVE-2021-29745
RESERVED
-CVE-2021-29744
- RESERVED
+CVE-2021-29744 (IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to cross-sit ...)
+ TODO: check
CVE-2021-29743
RESERVED
CVE-2021-29742 (IBM Security Verify Access Docker 10.0.0 could allow a user to imperso ...)
@@ -27210,39 +27222,32 @@ CVE-2021-28702
RESERVED
CVE-2021-28701
RESERVED
-CVE-2021-28700 [xen/arm: No memory limit for dom0less domUs]
- RESERVED
+CVE-2021-28700 (xen/arm: No memory limit for dom0less domUs The dom0less feature allow ...)
- xen <unfixed>
[buster] - xen <not-affected> (Only affects 4.12 and later)
[stretch] - xen <not-affected> (Only affects 4.12 and later)
NOTE: https://xenbits.xen.org/xsa/advisory-383.html
-CVE-2021-28699 [inadequate grant-v2 status frames array bounds check]
- RESERVED
+CVE-2021-28699 (inadequate grant-v2 status frames array bounds check The v2 grant tabl ...)
- xen <unfixed>
[stretch] - xen <not-affected> (Only affects 4.10 and later)
NOTE: https://xenbits.xen.org/xsa/advisory-382.html
-CVE-2021-28698 [long running loops in grant table handling]
- RESERVED
+CVE-2021-28698 (long running loops in grant table handling In order to properly monito ...)
- xen <unfixed>
[stretch] - xen <end-of-life> (DSA 4602-1)
NOTE: https://xenbits.xen.org/xsa/advisory-380.html
-CVE-2021-28697 [grant table v2 status pages may remain accessible after de-allocation]
- RESERVED
+CVE-2021-28697 (grant table v2 status pages may remain accessible after de-allocation ...)
- xen <unfixed>
[stretch] - xen <end-of-life> (DSA 4602-1)
NOTE: https://xenbits.xen.org/xsa/advisory-379.html
-CVE-2021-28696
- RESERVED
+CVE-2021-28696 (IOMMU page mapping issues on x86 T[his CNA information record relates ...)
- xen <unfixed>
[stretch] - xen <end-of-life> (DSA 4602-1)
NOTE: https://xenbits.xen.org/xsa/advisory-378.html
-CVE-2021-28695
- RESERVED
+CVE-2021-28695 (IOMMU page mapping issues on x86 T[his CNA information record relates ...)
- xen <unfixed>
[stretch] - xen <end-of-life> (DSA 4602-1)
NOTE: https://xenbits.xen.org/xsa/advisory-378.html
-CVE-2021-28694
- RESERVED
+CVE-2021-28694 (IOMMU page mapping issues on x86 T[his CNA information record relates ...)
- xen <unfixed>
[stretch] - xen <end-of-life> (DSA 4602-1)
NOTE: https://xenbits.xen.org/xsa/advisory-378.html
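Review bot: The descriptions added for CVE-2021-28696, CVE-2021-28695 and CVE-2021-28694 are identical in the visible text and contain a stray bracket ("T[his CNA information record relates ..."), so the three entries can only be told apart by CVE id; all three point at advisory-378. As this is an automatic update, the bracket belongs in a report against the source record rather than a local edit. All seven Xen entries in this hunk lose RESERVED but stay at "- xen <unfixed>", so they remain open and should be revisited once fixed packages are uploaded.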
@@ -28310,8 +28315,8 @@ CVE-2021-28235
RESERVED
CVE-2021-28234
RESERVED
-CVE-2021-28233
- RESERVED
+CVE-2021-28233 (Heap-based Buffer Overflow vulnerability exists in ok-file-formats 1 v ...)
+ TODO: check
CVE-2021-28232
RESERVED
CVE-2021-28231
@@ -34204,8 +34209,8 @@ CVE-2021-3266
RESERVED
CVE-2021-3265
RESERVED
-CVE-2021-3264
- RESERVED
+CVE-2021-3264 (SQL Injection vulnerability in cxuucms 3.1 ivia the pid parameter in p ...)
+ TODO: check
CVE-2021-3263
RESERVED
CVE-2021-3262
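Review bot: The description added for CVE-2021-3264 carries a typo ("cxuucms 3.1 ivia the pid parameter"), presumably "via". It arrives with the automatic update, so it should be noted for the source record rather than edited here. The entry is left at TODO: check and still needs triage.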
@@ -39857,8 +39862,8 @@ CVE-2021-23436
RESERVED
CVE-2021-23435
RESERVED
-CVE-2021-23434
- RESERVED
+CVE-2021-23434 (This affects the package object-path before 0.11.6. A type confusion v ...)
+ TODO: check
CVE-2021-23433
RESERVED
CVE-2021-23432 (This affects all versions of package mootools. This is due to the abil ...)
@@ -71282,8 +71287,8 @@ CVE-2020-23228
RESERVED
CVE-2020-23227
RESERVED
-CVE-2020-23226
- RESERVED
+CVE-2020-23226 (Multiple Cross Site Scripting (XSS) vulneratiblities exist in Cacti 1. ...)
+ TODO: check
CVE-2020-23225
RESERVED
CVE-2020-23224
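Review bot: CVE-2020-23226 is left at TODO: check although its description names Cacti. It should be triaged against the cacti source package and given a package line with a fixed version or <unfixed>; the visible text is cut off at "Cacti 1." and does not show the affected version, so the full record has to be consulted. The description also misspells "vulnerabilities" as "vulneratiblities", which comes from the imported text.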
@@ -79996,16 +80001,16 @@ CVE-2020-19004
RESERVED
CVE-2020-19003
RESERVED
-CVE-2020-19002
- RESERVED
-CVE-2020-19001
- RESERVED
-CVE-2020-19000
- RESERVED
-CVE-2020-18999
- RESERVED
-CVE-2020-18998
- RESERVED
+CVE-2020-19002 (Cross Site Scripting (XSS) in Mezzanine v4.3.1 allows remote attackers ...)
+ TODO: check
+CVE-2020-19001 (Command Injection in Simiki v1.6.2.1 and prior allows remote attackers ...)
+ TODO: check
+CVE-2020-19000 (Cross Site Scripting (XSS) in Simiki v1.6.2.1 and prior allows remote ...)
+ TODO: check
+CVE-2020-18999 (Cross Site Scripting (XSS) in Blog_mini v1.0 allows remote attackers t ...)
+ TODO: check
+CVE-2020-18998 (Cross Site Scripting (XSS) in Blog_mini v1.0 allows remote attackers t ...)
+ TODO: check
CVE-2020-18997
RESERVED
CVE-2020-18996
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/92a065de80a317d2105e39fcaae9c14b1cf2db5f